Приложение 6. Примеры запуска скриптов AppSec.Hub CLI
Сканирование кодовой базы scan_codebase.py
py scan_codebase.py --url http://hub.dev.swordfishsecurity.com/ \
--token ***** \
--appcode 0902202-1_cli \
--codebase http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project \
--branch-filter develop
Сканирование артефакта по URL scan_artifact.py
Файловое хранилище (Login/Password)
py scan_artifact.py \
--url http://hub.dev.swordfishsecurity.com/ \
--token ****** \
--appcode 19042021_test_create_org \
--artifact https://docker.swordfishsecurity.com/nginx/apk/auth/app-prod-debug-1.0.apk
--artifact https://docker.swordfishsecurity.com/nginx/apk/auth/app-prod-debug-2.0.apk
Файловое хранилище (Anonymous)
py scan_artifact.py \
--url http://hub.dev.swordfishsecurity.com/ \
--token ****** \
--appcode 19042021_test_create_org \
--artifact https://docker.swordfishsecurity.com/nginx/apk/app-prod-debug-1.0.apk
--artifact https://docker.swordfishsecurity.com/nginx/apk/app-prod-debug-2.0.apk
type: maven (с classifier)
python scan_artifact.py \
--url http://hub.dev.swordfishsecurity.com \
--token ****** \
--appcode 09022021_cli \
--artifact https://nexus.dev.swordfishsecurity.com/repository/maven-releases/com/appsecco/456776543/1.09/456776543-1.09-classifer.war
--artifact https://nexus.dev.swordfishsecurity.com/repository/maven-releases/com/appsecco/456776543/1.10/456776543-1.10-classifer.war
type: yum
py scan_artifact.py --url http://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode 09022021_cli \
--artifact https://nexus.dev.swordfishsecurity.com/repository/postid-yum/pochtaid-user-history.assembly-4.5.0-SNAPSHOT20200619055220.noarch.rpm
--artifact https://nexus.dev.swordfishsecurity.com/repository/postid-yum/pochtaid-user-history.assembly-4.5.1-SNAPSHOT20200619055220.noarch.rpm
type: docker
Cпособ 1
py scan_artifact.py \
--url http://hub.dev.swordfishsecurity.com/ \
--token ***** \
--appcode 09022021_cli \
--artifact https://nexus.test.swordfishsecurity.com:8083/java-web-project:9.17
--artifact https://nexus.test.swordfishsecurity.com:8083/java-web-project-2:9.17
Cпособ 2
py scan_artifact.py \
--url http://hub.dev.swordfishsecurity.com/ \
--token ***** \
--appcode 09022021_cli \
--artifact https://nexus.service.swordfishsecurity.com:8086/hub-core:1.4.5.7
--artifact https://nexus.service.swordfishsecurity.com:8086/hub-core:1.4.5.8
type: npm
py scan_artifact.py \
--url http://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode 09022021_cli \
--artifact https://nexus.dev.swordfishsecurity.com/repository/npm-group/ngclipboard/-/ngclipboard-2.0.0.tgz
--artifact https://nexus.dev.swordfishsecurity.com/repository/npm-group/ngclipboard/-/ngclipboard-2.1.0.tgz
Сканирование экземпляра приложения scan_instance.py
py scan_instance.py --url http://hub.dev.swordfishsecurity.com/ \
--token ***** \
--appcode 0902202-1_cli \
--instance-url http://hub.dev.swordfishsecurity.com \
--instance-name inst1 \
--stage ST
Импорт результатов import_results.py
Импорт результатов из Checkmarx
py import_results.py \
--url https://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode 09022021_cli \
--codebase http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project \
--cx-tool-url https://cx93.dev.swordfishsecurity.com \
--cx-project-name kg_19082021_2_-master_1 \
--cx-team /CxServer/asdfsadfASDFASDF/kg_19082021_2 \
--quality-gate no-critical-issues
Импорт результатов из Dependency track
py import_results.py \
--url https://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode 09022021_cli \
--codebase http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project \
--dt-tool-url http://dep-track.rnd.swordfishsecurity.com \
--dt-project-name Dependency_Track_java-web-project-master \
--dt-project-uuid 619821d4-368d-4f5e-a52f-18d73d97ecb9 \
--quality-gate no-critical-issues
Импорт результатов из PT Application inspector
py import_results.py \
--url https://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode 09022021_cli \
--codebase http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project \
--ptai-tool-url https://ptai.dev.swordfishsecurity.com \
--ptai-project-id 2e96ce1d-1a32-4376-bfca-f7f1a17128c9 \
--ptai-scan-results-id c40b439e-0312-4a38-9bb8-8cea931b3bd9 \
--quality-gate no-critical-issues
Импорт результатов из Nexus (артефакты)
py import_results.py \
--url https://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode 09022021_cli \
--artifact "https://nexus.dev.swordfishsecurity.com/repository/maven-releases/com/example/hub-core-f05f76e5ed7a/1.0.5454-test-task/hub-core-f05f76e5ed7a-1.0.5454-test-task.tar;Artifact-1" \
--artifact "https://nexus.test.swordfishsecurity.com/repository/maven-releases/com/example/hub-core/1.0.5452-test-task/hub-core-1.0.5452-test-task.tar;Artifact-2" \
--artifact "https://nexus.test.swordfishsecurity.com/repository/maven-releases/com/example/hub-ui/1.0.5452-test-task/hub-ui-1.0.5452-test-task.tar;Artifact-3" \
--nxiq-tool-url https://nxiq.test.swordfishsecurity.com \
--nxiq-app 12072021_nxiq_java-web-projectdocker \
--nxiq-org "Dev Company" \
--nxiq-app multi-docker
--nxiq-report 5bbfc21a24864254a58c905d475a0ea4 \
--nxiq-stage build
Импорт результатов из Aqua Security
py import_results.py \
--url https://hub.dev.swordfishsecurity.com \
--token ***** \
--appcode Aqua_demo \
--artifact https://nexus.dev.swordfishsecurity.com:8083/java-web-project:1.17 \
--aqua-tool-url https://aqua.dev.swordfishsecurity.com \
--aqua-registry aqua-demo_java-web-project-docker